Stagefright is a media playback engine on Android that supports several media formats by default, features audio and video playback, session management, DRM and more.
It is also a name of a vulnerability, or a series of vulnerabilities that were recently discovered. Since Stagefright is a core Android technology, it is affecting (nearly) all devices running the operating system.
What makes the vulnerability particularly troublesome is that it can be executed passively. This means that devices can be attacked successfully without user input.
Basically, what it does is send a specially prepared MMS (Multimedia Message Service) to devices. Since Android devices are configured by default to download and process these messages automatically, attacks are executed in the background.
The vulnerabilities allow attackers to run code remotely on the device, for instance by executing code, using device sensors or snooping around.
Only devices running Android 2.2 or older are not affected by Stagefright at this point in time.
Since attacks require that MMS are automatically downloaded to the system, disabling that ability seems to be one of the better options to protect a device from attacks.
If you are using a different messaging application, you will need to find out whether it supports the blocking of MMS messages by default as well.
Most should provide you with such an option but some may not. If your texting application does not support the disabling of the feature, you may want to consider switching it to a different one for the time being until the issue is resolved.
This is done in the Android settings under More > Default SMS app. Again, the location of the setting may vary depending on your version of the operating system
Most manufacturers are slow when it comes to delivering patches to end users and it may take a while before the vulnerability is patched on most devices. If you run CyanogenMod, you should receive updates this week as the issue has already been patched.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.